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AUTHENTICATION APPARATUS AND AUTHENTICATION SYSTEM 

[0001] The present application claims priority from a 

Japanese Patent Application No. 2003-005111 filed on January 10, 
5 2 003 , the contents of which are incorporated herein by reference . 

BACKGROUND OF THE INVENTION 

Field of the Invention 

10 [0002] The present invention relates to an authentication 

apparatus and an authentication system for certifying the right 
person by means of an article for authentication of a portable 
recording medium etc. More particularly, the present invention 
relates to an authentication apparatus and an authentication system 

15 capable of preventing that improper person pretends to be the right 
person even when improper person acquired an article for 
authentication . 

Description of the Related Art 

2 0 [0003] In order to manage entrance management information 

and secret information, apersonal authentication may be performed 
using portable recording media such as a magnetic card or an IC 
card. In this personal authentication technology, the portable 
recording media previously hold an authentication Icey for use in 
25 the personal authentication . And then, the right person who should 
be certified lets an authentication apparatus to read out the 
portable recording media. The authentication apparatus inquires 
an authentication key read from the portable recording media with 
the previously registered authentication key, and certifies that 

3 0 the occupier of the portable recording media is the right person 

when two authentication keys are identical. For details, refer 
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to, for example, Japanese Patent Applications Laid-Open Nos. 
2002-92495 and 2001-36895. 

[0004] When improper person acquired the portable recording 

media that hold the authentication key, improper person can pretend 
5 to be and behave like the right person. A password can be used 
in order to prevent this. However, in this case, the right person 
has to memorize the password, and thus this was burden to the right 
person. 

10 SUMMARY OF THE INVENTION 

[0005] Therefore, it is an object of the present invention 

to provide an authentication apparatus and an authentication system 
which can solve the foregoing problems . The above and other obj ects 
15 can be achieved by combinations described in the independent claims . 
The dependent claims define further advantageous and exemplary 
combinations of the present invention. 

[0006] According to the first aspect of the present invention, 

there is provided an authentication apparatus for performing a 

20 personal authentication process. The authentication apparatus 
includes: an authentication information receiving unit for 
receiving an authentication information held by each of a plurality 
of articles for authentication from each of the plurality of 
articles for authentication carried by a right person, and at the 

25 same time communicating with at least one article for 
authentication by radio; and a personal authentication unit for 
performing the personal authentication process using the plurality 
of authentication information received by the authentication 
information receiving unit. 

30 [0007] In the first aspect, the authentication apparatus may 

further include an authentication information holding unit for 
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previously holding weight coefficients showing weights of the 
authentication information in response to each of the plurality 
of authentication information, the personal authentication unit 
may acquire the weight coefficient corresponding to the received 
5 authentication information from the authentication information 
holding unit, and certify the right person when a sum of the acquired 
weight coefficients is greater than a predetermined reference 
value - 

[0008] The personal authentication unit may decide 

10 differently the reference value according to an object of the 
personal authent i cat ion . 

[0009] The personal authentication unit may certify the right 

person when the value of the received authentication information 
is more than the predetermined reference number. 
15 [0010] The personal authentication unit may decide the 

reference number according to an object of the personal 
authentication . 

[0011] One of the plurality of articles for authentication 

may hold an identification information identifying the right person 

20 as the authentication information. 

[0012] The plurality of articles for authentication may 

include a main article and a plurality of assistant articles, the 
plurality of assistant articles may hold the same authentication 
inf ormat ion , the personal authent i cat ion uni t may cer t i f y the right 

25 person when receiving the authentication information from the main 
article and the authentication information from any one of the 
assistant articles . 

[0013] According to the second aspect of the present invention, 

there is provided an authentication system. The authentication 
30 system includes : apluralityof articles for authentication carried 
by a right person and used to certify the right person; and an 
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authentication apparatus for performing a personal authentication 
process, each article for authentication holds different 
authentication information, the authentication apparatus 
includes a personal authentication unit for receiving the plurality 
5 of authentication information held by the plurality of articles 
for authentication and certifying the personal himself using the 
received plurality of authentication information. 
[0014] In the authentication system, at least one of the 

articles for authentication may transmit the authentication 

10 information to the authentication apparatus by radio using an 
energy by an electromagnetic wave acquired from outside. 
[0015] One of the articles for authentication may include 

an authentication key generating unit for receiving the 
authentication inf ormationheldby that article for authentication 

15 from the other articles for authentication, and generating an 
authentication key for the personal authentication based upon the 
received authentication information and the authentication 
information held by that article for authentication in advance, 
the personal authentication unit of the authentication apparatus 

2 0 may receive the authentication key from the article for 
authentication that has generated the authentication key, and 
certify the right person using the authentication key. 
[0016] The art icle for aut hent icat ion may generate a decoding 

key for decoding an encoded information using the authentication 

25 key, the personal authentication unit may perform a decoding 
process using the decoding key. 

[0017] The summary of the invention does not necessarily 

describe all necessary features of the present invention. The 
present invention may also be a sub- combination of the features 
30 described above. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

[0018] Fig. 1 is a schematic illustration showing a use state 

of an authentication system according to one embodiment of the 
5 present invention. 

[0019] Fig. 2 is a block diagram showing a configuration of 

an authentication apparatus. 

[0020] Fig. 3 is a table showing data configuration of an 

authentication information holding unit. 
10 [0021] Fig. 4 is a table showing data configuration of a 

reference value holding unit. 

[0022] Fig. 5 is a flowchart explaining an example of an 

operation when the authentication apparatus certifies the right 
person. 

15 [0023] Fig. 6 is a flowchart explaining the other example 

of the operation when the authentication apparatus certifies the 
right person. 

[0024] Fig. 7 is a table showing data configuration of the 

authentication information holding unit in the authentication 
20 apparatus in a first transformation example. 

[0025] Fig. 8 is a flowchart when the authentication apparatus 

certifies the right person in the first transformation example. 

[0026] Fig. 9 is a block diagram showing a configuration of 

an IC card according to a second transformation example. 
25 [0027] Fig. 10 is a flowchart explaining the right person 

authentication process performed by the authentication system in 
the second transformation example. 

DETAILED DESCRIPTION OF THE INVENTION 

30 
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[0028] The invention will now be described based on the 

preferred embodiments, which do not intend to limit the scope of 
the present invention, but exemplify the invention. All of the 
features and the combinations thereof described in the embodiment 
5 are not necessarily essential to the invention. 

[0029] Fig. 1 is a schematic illustration showing a use state 

of an authentication system 10 according to one embodiment of the 
present invention. The authentication system 10 comprises an IC 
card 100 and an IC tag 102a, and an authentication apparatus 200. 
10 The IC card 100 and the IC tag 102a are an example of an article 
for authent i cat ion . 

[0030] The IC card 100 holds an identification information 

for identifying the right person and a private information of the 
right person. The identification information is, for example, 
15 ID of the right person, a banlc card information or a credit card 
information, and the private information is, for example, amedical 
treatment information of the right person. 

[0031] The IC tag 102a is attached to, for example, a portable 

article 102 selected by the right person. The portable article 

20 102 is an article, such as glasses, that the portability by the 
right person is high. The IC tag 102a holds an authentication 
inf oirmation, and outputs the authentication information to outside 
by radio by using electromagnetic waves transmitted by the 
authentication apparatus 200 as an energy source. 

25 [0032] When the right person is certified, the authentication 

apparatus 200 reads out the identification information from the 
IC card 100 by contact types. In addition, the authentication 
apparatus 200 acquires the authentication information from the 
IC tag 102a by radio. In this case, the authentication apparatus 

30 200 may acquire the identification information from the IC card 
100 by radio. 
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[0033] The authentication apparatus 200 certifies the right 

person after acquiring the identification information from the 
IC card 100 and the authentication information from the IC tag 
102a. Therefore, even if improper person acquires the IC card 
5 100, improper person cannot pretend to be the right person unless 
the portable article 102 is possessed. Furthermore, the 
authentication apparatus 200 can certify the right person by only 
carrying the IC card 100 and the portable article 102 with the 
right person. Therefore, this is not burden to the right person. 

10 [0034] In addition, the right person carries one portable 

article 102 in Fig . 1, but may carry a plurality of portable articles 
102. In addition, the authentication apparatus 200 may set on 
condition f or apersonal authentication that the apparatus receives 
the authentication information from a plurality of IC tags 102a 

15 attached to each of the plurality of portable articles 102 except 
the IC card 100 . Furthermore, after the personal authentication, 
the authentication apparatus 2 00 may decode an encoded information. 
[0035] Fig. 2 shows a configuration of the authentication 

apparatus 200. The authentication apparatus 200 comprises an 

2 0 authentication information holding unit 210, a reference value 
holding unit 220, a personal authentication unit 230, and a 
processing unit 240 . The personal authentication unit 230 serves 
also as an authentication information receiving unit. 
[0036] The authentication information holding unit 210 holds 

25 the identification information of the IC card 100 and the plurality 
of authentication information of each IC tag 102a corresponding 
to the identification information. The reference value holding 
unit 220 holds a reference number of the authentication information 
necessary to the personal authentication. The personal 

30 authentication unit 23 0 perfoirms authentication process for the 
right person. The processing unit 240 performs a desired process 



using the individual information of the IC card 100 after the 
personal authentication unit 230 has certified the right person. 
[0037] In addition, the details of data configurations of 

the authentication information holding unit 210 and the reference 
5 value holding unit 220 are described below using tables. 
Furthermore, the details of operations of the personal 
authentication unit 230 and the processing unit 240 are described 
below using flowcharts. 

[0038] Fig. 3 is a table showing data configuration of the 

10 authentication information holding unit 210 . The authentication 
information holding unit 210 holds names of the articles for 
authentication and the authentication information of the IC tags 
102a of the articles for authentication corresponding to the 
identification information of the IC card 100. 
15 [0039] In addition, the authentication information holding 

unit 210 holds weight coefficients showing weights of each 
authentication information. The weight coefficients are decided 
based upon, for example, the probability that the right person 
carries the portable articles 102. Furthermore, the weight 
2 0 coefficients are used when the personal authentication unit 23 0 
certifies the right person, and the use method thereof is described 
below using a flowchart. 

[0040] Fig. 4 is a table showing data configuration of the 

reference value holding unit 220. The reference value holding 
25 unit 220 holds an object information showing an object of the 
personal authentication, for example, the reference number of the 
authentication information necessary to the personal 
authentication in response to the desired procedure by the right 
person. 

30 [0041] In addition, the reference value holding unit 220 holds 

the reference value, namely, the sum of the weight coefficients 
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of the authentication information necessary to the personal 
authentication in response to the object information. An use 
method of this reference value is described below using a flowchart . 
[0042] Fig. 5 is a flowchart explaining an example of an 

5 operation when the authentication apparatus 200 certifies the right 
person. In this example, the personal authentication unit 230 
of the authentication apparatus 2 00 certifies the right person 
by using the weight coefficients of the authentication information 
holding unit 210 and the reference value of the reference value 

10 holding unit 220. 

[0043] The right person inserts the IC card 100 into the 

authentication apparatus 2 00, and inputs the object information 
showing an object of the personal authentication by way of an input 
means such as a touch panel. The personal authentication unit 

15 23 0 acquires the input object information (S20) . After that, the 
personal authentication unit 23 0 reads the reference value 
corresponding to the acquired obj ect information from the reference 
value holding unit 220, and sets the read reference value as a 
reference value for the personal authentication (S30) . 

20 [0044] Next, the personal authentication unit 230 reads out 

the identification information from the IC card 100, and at the 
same time reads out the authentication information by radio from 
the IC tags 102a of each of the portable articles 102 carried by 
the right person (S40) . In addition, the personal authentication 

25 unit 23 0 selects the authentication information from the 
authentication information holding unit 210 based upon the 
identification information. After that, the personal 

authentication unit 230 confirms whether or not the authentication 
information read by radio is identical with the authentication 

30 information selected from the authentication information holding 
unit 210 . The personal authentication unit 230 reads out the weight 
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coefficients corresponding to the confirmed authentication 
information from the authentication information holding unit 210 
(S50) . 

[0045] The personal authentication unit 23 0 calculates the 

5 sum of the read weight coefficients (S60) , and certifies the right 
person when the calculated sum is greater than the set reference 
value (S70: Yes). When the right person is certified, the 
processing unit 240 carries out a process on the basis of the object 
information (S80) . This process includes also the decoding of 

10 the encoded information depending on the object. 

[0046] As explained above, the authentication apparatus 200 

certifies the right person when the sum of the weight coefficients 
corresponding to the acquired authentication information is 
greater than the reference value . For this reason, when possessing 

15 the article for authentication with high importance such as the 
IC card, the person can certify himself through the authentication 
apparatus 200 even if the person does not carry several articles 
for authentication with low importance. 

[0047] In addition, the reference value is decided based upon 

2 0 the object information, for example, a kind of a procedure. For 
example, when increasing the reference value corresponding to a 
procedure of high importance, the person who desires the procedure 
of high importance needs to carry the IC card 100 and other 
authentication articles. Therefore, even if improper person 
25 acquires the IC card, this improper person cannot perform the 
procedure of high importance like the right person. 
[0048] Fig. 6 is a flowchart explaining an example of an 

operation when the authentication apparatus 200 certifies the right 
person. In this example, the personal authentication unit 23 0 
30 of the authentication apparatus 200 certifies the right person 
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using the reference number of the reference value holding unit 
200 . 

[0049] The right person inserts the IC card 100 into the 

authentication apparatus 200, and inputs the object information 
5 showing an object of the personal authentication to the 
authentication apparatus 200 by way of input means such as a touch 
panel. The personal authentication unit 230 acquires the input 
object information (SllO) . After that, the personal 
authentication unit 230 reads the reference number corresponding 
10 to the acquired obj ect information from the reference value holding 
unit 220, and sets the read reference value as a value of the 
authentication information for the personal authentication 

(S120) . 

[0050] Next, the personal authentication unit 230 reads out 

15 the identification information from the IC card 100, and at the 
same time reads out the authentication information by radio from 
the IC tags 102a of each of the portable articles 102 carried by 
the right person (S130) . Inaddition, the personal authentication 
unit 23 0 selects the authentication information, which should be 

20 held by the portable article 102 of the right person, from the 
authentication information holding unit 210 based upon the 
identification information read from the IC card 100 . After that , 
the personal authentication unit 230 confirms whether or not the 
authentication information read by radio is identical with the 

25 authentication information selected from the authentication 
information holding unit 210 (S140) . The personal authentication 
unit 230 certifies the right person when the value of the same 
authentication information is greater than the set reference number 
(S140: Yes) . When the right person was certified, the processing 

3 0 unit 24 0 carries out a process on the basis of the object information 
(S150) . 
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[0051] According to this example, the authentication 

apparatus 200 certifies the right person when the value of the 
acquired authentication information is greater than the set 
reference value. Therefore, when several reference numbers are 
5 set , it is difficult for improper person to pretend to be and behave 
like the right person even if the IC card 100 and some portable 
articles 102 are acquired . 

[0052] Furthermore, in the first transformation example , the 

authentication apparatus 200 may set on condition for a personal 

10 authentication that the apparatus receives the authentication 
information from the IC card 100 and receives the authentication 
information from anything of the other portable articles 102 . In 
this second transformation example, each of the plurality of 
portable. articles holds the same authentication information, and 

15 serves as an assistance of the IC card 100 respectively. 

[0053] FIG. 7 is a table showing data configuration of the 

authentication information holding unit 210 of the authentication 
apparatus 200 in this transformation example . The authentication 
information holding unit 210 holds one authentication information 

2 0 in response to the identification information. This 
authentication information is the common information that the IC 
tags 102a of each portable article 102 should hold. 
[0054] Fig. 8 is a flowchart when the authentication apparatus 

200 certifies the right person in the transformation example . The 

25 right person inserts the IC card 100 into the authentication 
apparatus 200, and inputs the object information showing an object 
of the personal authentication to the authentication apparatus 
2 00 by way of input means such as a touch panel. The personal 
authentication unit 230 acquires the object information (S210) . 

30 [0055] Next, the personal authentication unit 230 reads out 

the identification information from the IC card 100, and at the 
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same time reads out the authentication information by radio from 
the IC tags 102a of the portable articles 102 carried by the right 
person (S220) . 

[0056] The personal authentication unit 230 certifies the 

5 right person when it is judged to have received the authentication 
information corresponding to the identification information from 
anything of the IC tags 102a (S230: Yes) . After that, when the 
right person was certified, the processing unit 240 carries out 
process on the basis of the object information (S24 0) . 

10 [0057] As explained above, in this transformation example, 

the authentication apparatus 200 certifies the right person when 
the right person carries the IC card 100 and some of the portable 
articles 102 or the assistances. Therefore, even if improper 
person acquires the IC card 100, the authentication apparatus 200 

15 does not certify improper person as the right person. In addition, 
the probability that the right person is not certified is low, 
because it is preferable if the right person carries anything of 
the portable articles 102. 

[0058] Next, the second transformation example of the 

20 embodiment is described. In this transformation example, the IC 
card 100 and the IC tag 102a of the portable article 102 hold an 
authentication information for the card and an authentication 
information for the article respectively . The IC card 100 receives 
the authentication information for the article from the portable 
25 article 102 during the personal authentication. After that, the 
IC card 100 generates an authentication key by means of the 
authentication information for the card and the authentication 
information for the article, and transmits the key to the 
authentication apparatus 200. The authentication apparatus 200 
30 performs the authentication process. 
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[0059] FIG. 9 is a block diagram showing a configuration of 

the IC card 100 according to this transformation example. The 
IC card 100 comprises an authentication information holding unit 
110 and an authentication key composing unit 120. The 
5 authentication information holding unit 110 holds the 
authentication information for the card in advance. The 
authentication key composing unit 12 0 receives the authentication 
information for the article from the IC tag 102a of the portable 
article 102. The authentication key is generated based upon the 
10 authentication information for the card and the authentication 
information for the article, and the generated key is output to 
the authentication apparatus 200. 

[0060] The configuration of the authentication apparatus 200 

is generally similar to the embodiment except that the 

15 authentication information holding unit 210 stores the 
authentication key in response to ID of the right person. 
[0061] Fig. 10 is a flowchart explaining the personal 

authentication process performed by the authentication system 10 
in the transformation example. At first, the right person inputs 

20 a personal ID and an object information into the authentication 
apparatus 200. The personal authentication unit 230 of the 
authentication apparatus 200 acquires the personal ID (S310) , and 
selects an authentication key from the authentication information 
holding unit 210 based upon the acquired personal ID (S320) . In 

25 addition, the processing unit 240 acquires the object information 
(S330) . 

[0062] Furthermore, the right person inserts the IC card 100 

into a card reader 20. The card reader 2 0 propagates 
electromagnetic waves in order to operate the IC tags 102a of the 
30 portable articles 102. The IC tags 102a operate using the 
electromagnetic waves propagated by the card reader 20 as an energy 
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source , and outputs the authentication information for the articles 
to outside by radio. The authentication key composing unit 120 
of the IC card 100 receives the authentication information for 
the articles output by radio (S34 0) , and generates the 
5 authentication key using the authentication information for the 
card and the authentication information for the articles held by 
the authentication information holding unit 110 (S350) . After 
that, the authentication key composing unit 120 transmits the 
authentication key to the authentication apparatus 200 by way of 

10 the card reader 20 (S360) . 

[0063] The personal authentication unit 230 of the 

authentication apparatus 2 00 certifies the right person when the 
authentication key received from the IC card 100 is identical with 
the authentication key selected from the authentication 

15 information holding unit 210 (S370) . The processing unit 240 
processes according to the object information (S380) . 
[0064] As described above, the IC card 100 receives the 

authentication information for the article held by the IC tag 102a 
of the portable article 102, and generates the authentication key 

2 0 using the authentication information for the card held by the IC 
card 100 . Therefore, even if improper per son acquires the portable 
article 102, improper person cannot pretend to be and behave like 
the right person. 

[0065] In addition, in the case of sending the authentication 

25 key generated by the IC card 100 to the authentication apparatus 
200, the IC card 100 may not be inserted into the card reader 20. 
In this case, the IC card 100 transmits the authentication key 
to the card reader 2 0 by radio. 

[0066] Furthermore, the IC card 100 may generate a decoding 

30 key, for example, a secret key for decoding the encoded information 
based upon the authentication information for the card and the 
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authentication information for the article. In this case, the 
personal authentication unit 230 decodes the encoded information 
based upon the received decoding key, and certifies the right person 
in the case of being capable of decoding, 
5 [0067] As is apparent from the explanation, according to the 

present invention, improper person cannot pretend to be and behave 
like the right person even if improper person acquires an article 
for the personal authentication. In addition, this is not burden 
to the right person in the case of the personal authentication. 

10 [0068] Although the present invention has been described by- 

way of an exemplary embodiment, it should be understood that those 
skilled in the art might make many changes and substitutions without 
departing from the spirit and the scope of the present invention. 
It is obvious from the definition of the appended claims that 

15 embodiments with such modifications also belong to the scope of 
the present invention- 



